good catch - I had them actually *copied* ... but nevertheless, I shall probably *link* them as I copied cert1.pem, etc ... otherwise, in three months I will wonder why MQTT stopped working suddenly ;)
On Fri, Sep 29, 2023 at 4:35 PM Graham Eddy <[email protected]> wrote:

> i was expecting log file to show either file not found (misnamed) or
> permission denied (user ‘mosquitto’ not able to read). maybe need to add
> log_type debug to config file to get that message. anyway, looks like you
> fixed perms problem
>
> note: if you *moved* (not copied) them from letsencrypt, better put them
> back then copy them, or the cert refresh will get confused
> *⊣GE⊢*
>
> On 30 Sep 2023, at 12:25 am, Stefan Gliessmann <[email protected]> wrote:
>
> Well - I just moved my certs from the lets encrypt dir to the
> mosquitto/cert dir and now mosquitto restarted without problems ... :)
>
>
> On Fri, Sep 29, 2023 at 3:41 PM Graham Eddy <[email protected]> wrote:
>
>> try sudo journalctl -u mosquitto -n 50 to see the log messages (or sudo
>> tail -50 /var/log/mosquitto/* if it puts them there instead)
>> *⊣GE⊢*
>>
>> On 29 Sep 2023, at 11:35 pm, Stefan Gliessmann <[email protected]> wrote:
>>
>> I am trying to get my weather station web presence secure with https://
>> Therefore, I also need my MQTT server to be secure via SSL.
>>
>> I followed the setup by
>> https://obrienlabs.net/how-to-setup-your-own-mqtt-broker/
>>
>> I received my certificates from Let's encrypt and edited my mosquitto
>> config file accordingly:
>>
>> GNU nano 6.2 /etc/mosquitto/conf.d/myconfig.conf
>>
>> persistence false
>> allow_anonymous true
>> #allow_zero_length_clientid true
>> password_file /etc/mosquitto/passwd
>> acl_file /etc/mosquitto/acl
>> # mqtt
>> #listener 1883 localhost
>> listener 8883
>> certfile /etc/letsencrypt/live/weewx.bz3gfkrlqtrsc3sv.myfritz.net/cert.pem
>> cafile /etc/letsencrypt/live/weewx.bz3gfkrlqtrsc3sv.myfritz.net/chain.pem
>> keyfile /etc/letsencrypt/live/weewx.bz3gfkrlqtrsc3sv.myfritz.net/privkey.pem
>> tls_version tlsv1.2
>> protocol mqtt
>> # websockets
>> listener 9001
>> certfile /etc/letsencrypt/live/weewx.bz3gfkrlqtrsc3sv.myfritz.net/cert.pem
>> cafile /etc/letsencrypt/live/weewx.bz3gfkrlqtrsc3sv.myfritz.net/chain.pem
>> keyfile /etc/letsencrypt/live/weewx.bz3gfkrlqtrsc3sv.myfritz.net/privkey.pem
>> protocol websockets
>>
>> every time I reboot now mosquitto, I get an error by mosquitto:
>>
>> root@weewx:/# sudo systemctl restart mosquitto.service
>> Job for mosquitto.service failed because the control process exited with error code.
>> See "systemctl status mosquitto.service" and "journalctl -xeu mosquitto.service" for details.
>> root@weewx:/# sudo systemctl status mosquitto.service
>> *×* mosquitto.service - Mosquitto MQTT Broker
>>      Loaded: loaded (/lib/systemd/system/mosquitto.service; enabled; vendor preset: enabled)
>>      Active: *failed* (Result: exit-code) since Fri 2023-09-29 15:32:19 CEST; 1s ago
>>        Docs: man:mosquitto.conf(5)
>>              man:mosquitto(8)
>>     Process: 542132 ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto (code=exited, status=0/SUCCESS)
>>     Process: 542133 ExecStartPre=/bin/chown mosquitto /var/log/mosquitto (code=exited, status=0/SUCCESS)
>>     Process: 542134 ExecStartPre=/bin/mkdir -m 740 -p /run/mosquitto (code=exited, status=0/SUCCESS)
>>     Process: 542135 ExecStartPre=/bin/chown mosquitto /run/mosquitto (code=exited, status=0/SUCCESS)
>>     Process: 542136 ExecStart=/usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf *(code=exited, status=1/FAILURE)*
>>    Main PID: 542136 (code=exited, status=1/FAILURE)
>>         CPU: 22ms
>>
>> Sep 29 15:32:19 weewx systemd[1]: mosquitto.service: Scheduled restart job, restart counter is at 5.
>> Sep 29 15:32:19 weewx systemd[1]: Stopped Mosquitto MQTT Broker.
>> Sep 29 15:32:19 weewx systemd[1]: *mosquitto.service: Start request repeated too quickly.*
>> Sep 29 15:32:19 weewx systemd[1]: *mosquitto.service: Failed with result 'exit-code'.*
>> Sep 29 15:32:19 weewx systemd[1]: *Failed to start Mosquitto MQTT Broker.*
>> root@weewx:/#
>>
>> Once I comment the certificates out, mosquitto starts up fine.
>>
>> I double checked that the certificates can be read by everybody.
>>
>> Any clue what else I check for?
>>
>> TIA,
>> Stefan
--
You received this message because you are subscribed to the Google Groups "weewx-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/weewx-user/CACXWM9S8fyc9PB2moG3ZPZPAqD9Te6i2ZC3PwA%2BDNeGY_etubw%40mail.gmail.com.
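
The concern raised in this thread, that certificates copied out of the Let's Encrypt directory silently go stale at the next renewal, can be handled with a certbot deploy hook that re-copies them. This is an added example, not part of the thread or of the linked tutorial; the destination `/etc/mosquitto/certs`, the `mosquitto` account name and the hook's file name are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook, e.g. saved as
# /etc/letsencrypt/renewal-hooks/deploy/mosquitto.sh (file name is an assumption).

# Copy cert.pem, chain.pem and privkey.pem from SRC to DEST when they differ.
# Optional third argument: account that should own the copies.
# Returns 0 if at least one file was updated, 1 if DEST was already current,
# 2 if a source file is missing or a copy failed.
sync_certs() {
    src=$1 dest=$2 owner=${3:-}
    changed=1
    mkdir -p "$dest" || return 2
    for f in cert.pem chain.pem privkey.pem; do
        [ -r "$src/$f" ] || { echo "missing or unreadable: $src/$f" >&2; return 2; }
        if ! cmp -s "$src/$f" "$dest/$f" 2>/dev/null; then
            # cp -L follows the live/ symlink so DEST holds a real file;
            # umask 077 keeps the temporary copy private until modes are set.
            (umask 077 && cp -L "$src/$f" "$dest/$f.new") || return 2
            case $f in
                privkey.pem) chmod 600 "$dest/$f.new" ;;  # key: owner only
                *)           chmod 644 "$dest/$f.new" ;;  # public certs
            esac
            if [ -n "$owner" ]; then
                chown "$owner" "$dest/$f.new" || return 2
            fi
            mv -f "$dest/$f.new" "$dest/$f"   # replace in one step
            changed=0
        fi
    done
    return $changed
}

# certbot sets RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/<name>) when it
# runs deploy hooks; outside certbot this part is skipped.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    # DEST default and the "mosquitto" account are assumptions.
    if sync_certs "$RENEWED_LINEAGE" "${DEST:-/etc/mosquitto/certs}" mosquitto; then
        systemctl restart mosquitto
    fi
fi
```

With this in place, `certfile`, `cafile` and `keyfile` in the Mosquitto config point at the copies, and the files under `/etc/letsencrypt` stay where certbot expects them.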
